Active Roles is an AD proxy. It will sit between the user and Active Directory and determine if the user should be performing the task or not. Since the Active Roles service account is actually making the changes, the number of privileged accounts in AD can be reduced dramatically. This will also give you the ability to provide workflow for specific tasks that you need to protect (like adding/removing users from the Schema Admins group).

Joey Heaton is a Strategic Sales Engineer with Quest Software specializing in Microsoft Platform Management tools. Joey has over 25 years experience in the IT industry, including 10 of those working for...